/* 
 * 字符集过滤器
 */
package com.adp.util;

import com.adf.config.Config;
import com.ruoyi.common.xss.XssHttpServletRequestWrapper;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SetCharacterEncodingFilter implements Filter
{
    private FilterConfig filterConfig = null;

    public void init(FilterConfig filterConfig) throws ServletException
    {

        this.filterConfig = filterConfig;
    }
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain)
    {


        try
        {
        	//解决漏洞点击劫持：X-Frame-Options未配置
        	/*HttpServletResponse res = (HttpServletResponse) response; 
        	res.setHeader("x-frame-options", "SAMEORIGIN"); */
        	
            //解决漏洞点击劫持：X-Frame-Options未配置
            HttpServletResponse res = (HttpServletResponse) response;
            //res.setHeader("x-frame-options", "SAMEORIGIN"); 
            res.setHeader("Access-Control-Allow-Origin", "*");
        	
            if(!Config.encode.equalsIgnoreCase("utf-8"))
            {//如果当前项目采用的不是UTF-8编码
                HttpServletRequest httpRequest=(HttpServletRequest)request;
                String contentType=httpRequest.getContentType();
                if (contentType != null
                        && contentType.toLowerCase().startsWith(
                                "application/x-www-form-urlencoded; charset=utf-8"))
                {//报表提交
                    request.setCharacterEncoding("UTF-8");
                }else
                {
                    request.setCharacterEncoding(Config.encode);
                }
                response.setContentType("text/html; charset="+ Config.encode);
            }else
            {
                request.setCharacterEncoding("UTF-8");
                response.setContentType("text/html;charset=UTF-8");
            }
            
            String uri = ((HttpServletRequest) request).getRequestURI();
            
            //System.out.println(uri);
            //特殊url不走过滤器
            if (uri.contains("dologin") || uri.contains("doResetPwd") || uri.contains("changePassword") 
            		|| uri.contains("sendMessage") 
            		|| uri.contains("sendMessageSave") 
            		|| uri.contains("showMessage") 
            		|| uri.contains("viewMessage") 
            		|| uri.contains("saveFlowXML") 
            	|| uri.contains("AdpGo")) {
                chain.doFilter(request, response);
            } else {
                XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
                chain.doFilter(xssRequest, response);
            }
            //XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
            //chain.doFilter(xssRequest, response);
            //chain.doFilter(request,response);
        } catch (Exception e)
        {
            e.printStackTrace();
        }
    }
    
    /*
    public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {
        //包装request
        XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
        chain.doFilter(xssRequest, response);
    }
    */

    public void destroy()
    {
        this.filterConfig = null;
    }
}